
Virtumonde And Others Please Help


  • This topic is locked
2 replies to this topic

#1 shauny123

shauny123

  • Members
  • 2 posts
  • OFFLINE
  • Local time:06:13 AM

Posted 05 April 2008 - 07:36 PM

Hi, I'm struggling to rid my machine of these pesky viruses. I have run HijackThis and Kaspersky and the results are included below. I have also run Spybot and AVG plus Ad-Aware, also in safe mode. Hope all this means something to someone. Thanks, Shauny


Deckard's System Scanner v20071014.68
Run by shaun on 2008-04-06 10:16:13
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as shaun.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:18 AM, on 6/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\shaun\LOCALS~1\Temp\TipVmUg5.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\shaun\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\shaun.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: (no name) - {519FFEFE-5851-4DD1-9915-C641FA8F2F1A} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {BCC632DF-D5F0-4545-9B1E-43EE7B04E143} - C:\WINDOWS\system32\mllmk.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [BM37dfcfac] Rundll32.exe "C:\WINDOWS\system32\tqhkfnkl.dll",s
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: ScanPanel.lnk = C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O20 - Winlogon Notify: cbxuvwu - cbxuvwu.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8303 bytes

-- Files created between 2008-03-06 and 2008-04-06 -----------------------------

2008-04-06 10:17:09 0 d-------- C:\Program Files\Trend Micro
2008-04-06 08:18:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-06 08:18:17 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-06 08:18:17 0 d-------- C:\WINDOWS\LastGood
2008-04-06 07:34:11 53248 --a------ C:\WINDOWS\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-04-06 06:58:29 68096 --a------ C:\WINDOWS\zip.exe
2008-04-06 06:58:29 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-06 06:58:29 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-06 06:58:29 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-06 06:58:29 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-06 06:58:29 98816 --a------ C:\WINDOWS\sed.exe
2008-04-06 06:58:29 80412 --a------ C:\WINDOWS\grep.exe
2008-04-06 06:58:29 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-04 15:46:10 29248 --a------ C:\WINDOWS\system32\RA63NMEg.exe
2008-04-03 16:48:42 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 16:42:58 1840 --a------ C:\WINDOWS\system32\winsms.dll
2008-03-30 06:57:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-29 20:04:43 0 d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-03-29 19:13:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-03-29 19:12:58 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-03-29 19:12:58 0 d-------- C:\Documents and Settings\shaun\Application Data\SUPERAntiSpyware.com
2008-03-29 19:11:10 3788 --a------ C:\WINDOWS\system32\tmp.reg
2008-03-29 13:32:56 0 d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-03-29 11:12:19 0 d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-24 08:42:05 0 d-------- C:\Program Files\iPod
2008-03-24 08:42:01 0 d-------- C:\Program Files\iTunes
2008-03-24 08:41:14 0 d-------- C:\Program Files\QuickTime
2008-03-21 06:26:19 0 d-------- C:\trojan removers
2008-03-17 14:47:46 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-16 08:29:12 0 d--hs---- C:\found.000
2008-03-11 19:02:18 0 d-------- C:\Documents and Settings\shaun\Application Data\Grisoft
2008-03-10 19:22:35 0 d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2008-03-10 19:22:22 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-03-10 19:22:22 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-03-10 19:22:22 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-03-10 19:22:22 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-03-10 19:22:22 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-03-10 19:22:22 1835008 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-03-10 19:22:22 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-03-10 19:22:22 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-03-10 19:22:22 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-03-10 19:22:22 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-03-10 19:22:22 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-03-10 19:22:22 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-03-10 19:22:22 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-03-10 19:22:22 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft


-- Find3M Report ---------------------------------------------------------------

2008-04-05 20:01:44 0 d-------- C:\Documents and Settings\shaun\Application Data\AVG7
2008-03-30 06:58:30 0 d-------- C:\Program Files\Lavasoft
2008-03-30 06:58:29 0 d-------- C:\Documents and Settings\shaun\Application Data\Lavasoft
2008-03-17 14:47:46 0 d-------- C:\Program Files\Common Files
2008-03-14 14:08:27 0 d-------- C:\Program Files\Java
2008-03-02 06:51:27 0 d-------- C:\Documents and Settings\shaun\Application Data\Apple Computer
2008-02-21 12:55:35 0 d-------- C:\Documents and Settings\shaun\Application Data\Adobe
2008-02-06 06:01:37 0 d-------- C:\Program Files\WinAce
2008-01-22 18:17:06 30600 --a------ C:\WINDOWS\AWhiteuG6.dat
2008-01-22 18:17:06 4 --a------ C:\WINDOWS\AErroru3.dat
2008-01-22 18:17:04 30600 --a------ C:\WINDOWS\ADarkuG6.dat
2008-01-22 18:17:02 30600 --a------ C:\WINDOWS\AWhiteuG3.dat
2008-01-22 18:17:00 30600 --a------ C:\WINDOWS\ADarkuG3.dat
2008-01-22 18:16:58 30600 --a------ C:\WINDOWS\AWhiteu12.dat
2008-01-22 18:16:56 30600 --a------ C:\WINDOWS\ADarku12.dat
2008-01-22 18:16:55 6 --a------ C:\WINDOWS\EExpou.dat
2008-01-22 18:16:52 1 --a------ C:\WINDOWS\EOffsetu.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{519FFEFE-5851-4DD1-9915-C641FA8F2F1A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC632DF-D5F0-4545-9B1E-43EE7B04E143}]
C:\WINDOWS\system32\mllmk.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [31/10/2006 08:35 AM]
"nwiz"="nwiz.exe" [31/10/2006 08:35 AM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [31/10/2006 08:35 AM]
"RTHDCPL"="RTHDCPL.EXE" [26/02/2007 05:03 PM C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [16/05/2006 08:04 PM C:\WINDOWS\SkyTel.exe]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [22/12/2007 09:43 AM]
"EPSON Stylus C45 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.exe" [14/01/2004 04:00 AM]
"CloneCDTray"="C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" [19/05/2005 11:47 PM]
"NWEReboot"="" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [12/01/2006 03:40 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [22/02/2008 03:25 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11/06/2007 07:25 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [31/01/2008 10:13 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [19/02/2008 12:10 PM]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" []
"BM37dfcfac"="C:\WINDOWS\system32\tqhkfnkl.dll" []
"Alcmtr"="ALCMTR.EXE" [03/05/2005 08:43 PM C:\WINDOWS\Alcmtr.exe]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [03/08/2004 11:56 PM]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [19/01/2007 12:54 PM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [16/07/2007 03:17 PM]
"Shareaza"="C:\Program Files\Shareaza\Shareaza.exe" [05/02/2007 04:05 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [18/12/2007 06:37 PM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 11:43 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 4:44:06 AM]
ScanPanel.lnk - C:\Program Files\ArtecUSB\ScanPanel\ScnPanel.exe [21/09/2007 5:55:02 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxuvwu]
cbxuvwu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"




-- End of Deckard's System Scanner: finished at 2008-04-06 10:17:47 ------------




KASPERSKY ONLINE SCANNER REPORT
Sunday, April 06, 2008 10:09:29 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/04/2008
Kaspersky Anti-Virus database records: 685361


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\
F:\

Scan Statistics
Total number of scanned objects 158606
Number of viruses found 4
Number of infected objects 29
Number of suspicious objects 6
Duration of the scan process 01:13:17

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\shaun\Application Data\Shareaza\Data\TigerTree.dat Object is locked skipped

C:\Documents and Settings\shaun\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Identities\{AA5408B1-FBF6-4FE2-B73A-4EE761B5893B}\Microsoft\Outlook Express\Deleted Items.dbx/[From "CitiBusiness" ][Date Wed, 26 Dec 2007 07:40:11 +0000]/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Identities\{AA5408B1-FBF6-4FE2-B73A-4EE761B5893B}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: suspicious - 1 skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Identities\{AA5408B1-FBF6-4FE2-B73A-4EE761B5893B}\Microsoft\Outlook Express\Sent Items (1).dbx/[From "myers l" ][Date Sun, 5 Feb 2006 07:35:40 +1100]/UNNAMED/UNNAMED/html Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Identities\{AA5408B1-FBF6-4FE2-B73A-4EE761B5893B}\Microsoft\Outlook Express\Sent Items (1).dbx/[From "myers l" ][Date Sun, 5 Feb 2006 07:35:40 +1100]/UNNAMED/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Identities\{AA5408B1-FBF6-4FE2-B73A-4EE761B5893B}\Microsoft\Outlook Express\Sent Items (1).dbx/[From "myers l" ][Date Sun, 5 Feb 2006 07:35:40 +1100]/UNNAMED Suspicious: Trojan-Spy.HTML.Fraud.gen skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Identities\{AA5408B1-FBF6-4FE2-B73A-4EE761B5893B}\Microsoft\Outlook Express\Sent Items (1).dbx Mail MS Outlook 5: suspicious - 3 skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_7JFPDPFV2ZSFAS4NTF5YPQ6PDI3LWVEE.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_CMZGW2I3KZMWVSNORKQTD5O2DXQBMNNE.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_DDJSPHNPPRUIQNW45VO63QRIKZBLE4UM.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_E5IF4X2TZZICYGLOBAISEDOLRROCKRJ3.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_GGGFEFOHM6OIYWBJNYTMNYFRYVNBJBIL.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_JQI3JM53EAB4ZFHIN7V2BHBPKML5OF3A.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_JXCUSDFTGV3ZWXPLYE2U4DALTTUDNJRJ.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_KHZ25KDVOTVJSWJY2AF3WDCXQLEE5AAS.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_RIOKVLOPCWKQ7MGNLTEZ374DF3HB3JP7.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Application Data\Shareaza\Incomplete\sha1_XYQA4OTZGXOKNQEQZFLPWQX3N6BUVOYO.partial Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\shaun\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\shaun\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\shaun\ntuser.dat.LOG Object is locked skipped

C:\QooBox\Quarantine\catchme2008-04-06_ 70216.28.zip/Documents and Settings/shaun/Desktop/catchme.zip/cbxuvwu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-04-06_ 70216.28.zip/Documents and Settings/shaun/Desktop/catchme.zip Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped

C:\QooBox\Quarantine\catchme2008-04-06_ 70216.28.zip ZIP: infected - 2 skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002137.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002137.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002137.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002152.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002152.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002152.exe RarSFX: infected - 2 skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002162.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\A0002185.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

C:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

E:\non music utilities\virus prtection stuff\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

E:\non music utilities\virus prtection stuff\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

E:\non music utilities\virus prtection stuff\SmitfraudFix.exe RarSFX: infected - 2 skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\kf141\keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\kf141\keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\kf141\keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\kf141\keyfinder.exe RarSFX: infected - 3 skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\xp key finderkf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\xp key finderkf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\xp key finderkf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\xp key finderkf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

E:\shauns stuff sss\shauns stuff\COMPUTER REPAIRS\xp key finderkf141.zip ZIP: infected - 4 skipped

E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

E:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\change.log Object is locked skipped

E:\virus stuff\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

E:\virus stuff\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

E:\virus stuff\SmitfraudFix.exe RarSFX: infected - 2 skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

F:\System Volume Information\_restore{75148E32-0519-4547-BD15-445C9BBA0D94}\RP4\change.log Object is locked skipped

F:\virus protection stuff\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\virus protection stuff\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

F:\virus protection stuff\SmitfraudFix.exe RarSFX: infected - 2 skipped

Scan process completed.



#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:13 PM

Posted 12 April 2008 - 09:35 AM

Hi,

The forums are really busy, which explains why logs get behind. If you still need some help, please start by posting a new HijackThis log in this thread. Don't start a new thread.
Then I'll take a look. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  • Gender:Female
  • Location:Belgium
  • Local time:01:13 PM

Posted 20 April 2008 - 12:17 PM

Since there is no feedback anymore, I assume this issue is resolved ... so, this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



